"Ken Blake, MVP" <kblake@this.is.an.invalid.domain> wrote in
news:el7Rd8jEGHA.2196@TK2MSFTNGP10.phx.gbl:

> Fuzzy Logic wrote:
>
>> "=?Utf-8?B?U3RvbmUgQ29sZA==?=" <StoneCold@discussions.microsoft.com>
>> wrote in news:C0342682-7D30-42E6-9D6B-C7E6E6AE5B1B@microsoft.com:
>>
>>> I know it is a silly question to ask but please don't see the nature
>>> of it, see the depth of the question.
>>>
>>> Can anyone recommend which is the best Firewall to defend your
>>> system ? McAfee, Black Ice or is there is anyone better than these ?
>>> any why do you recommend it.
>>> This will not be an answer for me but for others as well who wanna
>>> protect their PC's. I guess we might learn something new with
>>> Rookies's experience.
>>>
>>> Your help is very much appreciated
>>
>> The best firewall is YOU. Much like safety items for cars (seat
>> belts, air bags, ABS, AWD) they MAY help when you get into a bad
>> situation but they don't make you a better driver (some would argue
>> they make you a worse driver).
>>
>> If you learn to keep you system patched, avoid questionable web
>> sites, don't open unsolicited attachements and learn and use the
>> security features of your browser/OS you don't need a firewall.
>
> Absolutely *terrible* advice, as far as I'm concerned. What you say is
> probably literally true, but it's foolhardy to rely on it. No matter how
> careful we are, we are not machines and sometimes make mistakes we
> should know better than to do. A second line of defense, especially when
> it's free and has very little impact on performance should *always* be
> in place.

This is where the madness begins. Why just one free firewall..surely two
will be better...the same for AV software, spyware blockers etc. Not only
are you adding another level of complexity but new software that must be
maintained and may introduce new vulnerabilities.

The folly in relying on the technology instead of your head is no
different that people buying SUV's thinking they are now safer and can
drive any where, under any conditions. These people are the first in the
ditch when a storm hits.

A perfect example is the recent WMF vulnerability. You can have all the
latest patches, AV software, firewall etc. but just download a WMF file
can result in bad things happening to you.

I have encountered similar problems with users who have all the right
security software installed and visit a site that has a popup that says
they have a virus or spyware and if you click here we'll fix it for you.
Guess what they click it and get malware.

> What you suggest is like saying "I'm a very careful drive; I never go
> over 20 miles an hour nor more than five miles from home. I don't need a
> seat belt."

I would prefer to say I will not add any additional safety features to my
car and drive defensively and I am likely as safe as I am going to be
while on the road.

Regardless of the preventative measures we take there are still going to
be risks. I have opted for a lean and mean machine and using my head
instead of relying on 3rd party solutions that also must be
updated/patched as they too get vulnerabilities. I have also taken the
time to disable unneeded services and lock down IE. I do use the firewall
in WindowsXP but my old Windows 98SE machine has no firewall as there are
no open ports to defend.